Culture and Org.: Information security targets are communicated
Risk and Opportunity
Risk: Employees don't known their organisation security targets. Therefore security is not considered during development and administration as much as it should be.
Opportunity: Transparent and timely communication of the security targets by senior management is essential to ensure teams' buy-in and support.
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM 1 Mapping: SM1-B